password required, but none set
Well, I solved my problem, but I'm not sure if it was the best approach quite yet. Anyways, I added the following line to the switch config:
aaa authentication enable default enable
Edit
aaa authentication login default group tacacs+ line
aaa authentication enable default enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
tacacs server acs1
address ipv4 2.2.2.2
key 7 <mykey>
tacacs server acs2
address ipv4 2.2.2.3
key 7 <mykey>
Related videos on Youtube
kubiej21
Updated on September 18, 2022Comments
-
kubiej21 over 1 year
I'm configuring a stack of new Cayalyst 2960-X Series switches, and I'm struggling with the following warning:
password required, but none set
I configured the switch to authenticate against our tacacs-server, and that is working just fine. Upon Googling the above warning, the only thing I have been able to find is that I need to set a password for our vty lines (which I have).
From what I understand from reading online, if I receive this warning, I shouldn't even be able to connect to the switch. I am finding that this is not the case though, for I can telnet into the switch, authenticate with my username, and enable the switch
To help clarify, this is what I am seeing below. Note that the correct enable password (enablePass in this case) is required. What am I doing wrong?
telnet 1.1.1.1 Trying 1.1.1.1 ... Open username: user password: pass Switch1>en Password required, but none set Password: enablePass Switch1#
-
blacklight over 10 yearsThis is because the switch is attempting to use AAA authentication - but you haven't defined any authentication methods. By inputting the above command, you are telling the switch to use the enable password for AAA. Providing that you aren't actually using a AAA server, then your other option would have been to remove the 'aaa new-model' command, and specified 'login local' on the desired VTY lines instead.
-
kubiej21 over 10 years@blacklight - Can you expand on the aaa authentication a bit please? I've added additional code to my answer to help clarify. With my above configuration, I thought that I had defined an aaa authentication method, so I am a little confused now. Thanks